I'm reading this document: Load Balancing across VMware Unified Access Gateway Appliances and wondering what is practical difference between:
a) Method 3 - Multiple VIPs (from document)
b) Having two UAGs on different IPs with different FQDNs (A records), without any LB. Users are accessing it via CNAME so they still have single URL and a simple load balancing via round robin is performed.
Drawbacks for method B can be further eliminated by using e.g. f5 gtm or similar solution. Am I missing something here, but I really don't see use for LB (ltm like) in front of UAG.
The LB in front of the UAG when you have multiple UAG's will provide a single point of access. You will have one IP address/name that you point to the horizon client. LTM or whatever LB you use, will manage the distribution of clients between the UAG's. In addition, monitors can be use to check available of the UAG and if it is down clients will not be sent to it.
With your option B you won't have active monitoring or even distribution of clients. Round robin is simple and will just forward to one or the other without a session count.
The reason for multiple VIP portion is do that you can bypass the load balancer and you don't need to create pools for all the different ports.
I am thinking about scenario when you have two ISPs and you want to load balance across them.
With option A you need to have provider independent address space as far as I understand and which is not always available.
If you are trying to load balance between two public IPs and use one DNS namespace then yes you have to do dns round robin. You can still load balance those two public IPs with the F5 to get the benefit of HA/monitoring but it wouldn't be required as you are already doing it at the DNS level.
Someone here view a problem when use a simple dns load balancing on UAG?
I'm experiencing a problem when my users go login with Horizon Client, put the Login/Password, and then the "Authenticating" message don't go away. It's necessary to close the client and then, connect again (3x sometimes).
I don't have problems doing this on Security Servers (and also Connection Servers on Internal LAN). Only with UAG DMZ.
2x UAG on DMZ (3.2.1)
2x CS on LAN (7.4)
If you plan to deploy multiple UAG I would highly recommend a load balancer for the health monitoring. With method b a user can still hit a UAG that you have in quiesce mode if you are doing maintenance. With a load balancer it will detect the UAG is in quiesce mode/down and never send users to it.